RFR JDK-8003245
John Zavgren
john.zavgren at oracle.com
Tue Jun 25 14:28:52 UTC 2013
Greetings:
I made a change to
src/share/native/sun/security/pkcs11/wrapper/p11_convert.c... I replaced
all the code that looks like this:
struct fubar bar;
memset(&bar, 0, sizeof(struct fubar));
with code that looks like this:
struct fubar bar = {0};
Also, I looked for similar usage patterns in neighbouring security code
that would cause references to uninitialized data structure memory, and
found none. The basic issue that I discovered was that certain
procedures were returning structures (not pointers to structures) that
were allocated on the stack as uninitialized memory. (I found the bug by
running the native code through doxygen and then I looked at every data
structure instance.)
The latest webrev image is at:
http://cr.openjdk.java.net/~jzavgren/8003245/webrev.02/
<http://cr.openjdk.java.net/%7Ejzavgren/8003245/webrev.02/>
Thanks!
John Zavgren
On 06/18/2013 10:27 PM, John Zavgren wrote:
>
> Greetings:
>
>
> Please consider the following changes that eliminate the use of
> uninitialized memory.
>
>
> http://cr.openjdk.java.net/~jzavgren/8003245/webrev.01/
>
>
> Thanks!
> John
>
>
>
--
John Zavgren
john.zavgren at oracle.com
603-821-0904
US-Burlington-MA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20130625/12234439/attachment.htm>
More information about the security-dev
mailing list